has created a Centre for Open Source Research & Innovation (COSRI), noting that increasing reliance on open source for application development underscores the need for continuing investment in research.
“Open source is the way today’s applications are developed and we expect worldwide adoption will continue to accelerate because of the compelling economic and productivity benefits open source provides. Over the next decade, more cutting-edge research, innovation, information and education – particularly related to open source security – are needed to ensure the open source ecosystem remains vibrant. We will be a leader in that effort,” said Black Duck CEO Lou Shipley.
COSRI will be based at Black Duck’s Massachusetts headquarters and Shipley said the two new Black Duck research groups in Canada and Europe will play major roles in its initiatives.
Europe-based Black Duck Security Research analyses security issues and attack patterns in open source software to provide customers with actionable information on vulnerabilities, corrective actions to reduce risk, and strategies for using open source effectively. The Vancouver, Canada group conducts applied research in data mining, machine learning, natural language processing, big data management and software engineering.
“Both groups will be sources of valuable research and reports throughout the year. Their work will help us innovate and improve our open source security and management solutions and a great deal of what they do will also be shared for the benefit of the open source community,” said Shipley.
Through COSRI, Black Duck will continue to issue periodic Open Source Security Audit (OSSA) reports analysing results of applications audited by the company’s On-Demand business as part of M&A activities. Black Duck published a revealing report earlier this year highlighting the challenges organisations face in securing and managing their open source. One eye-opening OSSA finding was that 67 per cent of the applications contained security vulnerabilities in open source components.
Shipley said the research teams’ work will also add to and enhance Black Duck’s KnowledgeBase™, the world’s most complete, current and accurate repository and database of open source software, associated licenses and other critical information, including known security vulnerabilities. “The KnowledgeBase is the foundation for our products and we’ve been building it for more than a decade. That work will continue uninterrupted as a component of COSRI,” he said.
Black Duck’s Open Hub, its online community and public directory of free and open source software (FOSS), will also be part of COSRI. Open Hub offers analytics and search services for discovering, evaluating, tracking and comparing open source code and projects.
“To continue to grow and thrive, open source needs an active community. Our investment in Open Hub will continue as we include it under the COSRI umbrella,” Shipley said.